The starting point for any compliance exercise is to carry out a full audit to understand what information the business holds, what its vulnerabilities are and what elements of the IT systems can be locked down. These include databases, information storage systems and business applications, which could put customers and the business itself at risk. Next, publish a security policy and inform everyone who works in the organization about what is and what is not allowed. Software products also can help organizations better audit, test and document their security processes. Examples include an on-demand PCI compliance service from Qualys and an enterprise-wide threat management and real-time compliance tool from Tier-3. Other suppliers include Computer Associates and IBM.

Learn more about compliance:
- read the article at ComputerWeekly

ALSO:
- read this on how flexible compliance saves time and money
- this on how compliance is more of an art than a science
- and this on compliance taking a leap forward